Introduction
This install guide walks you through the steps required to run the NetFoundry Edge Router image as a Docker container. This enables users to run a Linux solution at the edge.
The network below portrays a potential use case where 2 Docker hosts connect to some developer endpoints as well as resources in Azure vNET and AWS VPC.
The resources in AWS, Azure and the developer endpoints can access all pods/containers in each node through the private Docker network interface, e.g. 172.17.0.2. The Edge Router containers are also able to connect to devices on the Node network.
This guide assumes you have at least 1 working Linux server with Docker installed. Administrators may also choose to use Docker-Compose for deployment.
Before You Begin
- Sign up for a NetFoundry account.
- Install Docker for your desired Linux O/S.
Deploy Edge Router to host
Create Edge Router in the NetFoundry console
- In the NetFoundry console, create an Edge Router that is not "hosted". This means the Edge Router is self-hosted rather than hosted in NetFoundry's datacenter. Click the "registration key" button to copy the key to your clipboard.
Deploy Autonomous Ziti-Router Docker Image
- Run ziti-router as a container. The ziti-router binary is saved under the persistent volume and autonomously keeps its software version consistent with the Network Controller.
- This image requires access to a NF console router registration key, and a persistent volume mounted at "/etc/netfoundry" to save the configuration file that is created when the one-time registration key is consumed.
Environment Variables
- REG_KEY: The router registration key retrieved from nfconsole.
- VERBOSE: Turn on the verbose mode.
- HTTPS_PROXY: Run ziti through a proxy server, e.g. http://192.168.105.156:3128
Volumes
- /etc/netfoundry: Configuration files that result from enrollment will be stored here. This volume should be persistent to preserve the identity of the edge router. If this configuration is lost, it will be necessary to re-register your Edge Router.
Example Docker Deployment
# create directory to map to /etc/netfoundry
$ mkdir ./ziti_router
$ docker run --name netfoundry-er -v "$(pwd)/ziti_router:/etc/netfoundry" \
    -e REG_KEY=<registration_key from console> \
    -e VERBOSE=1 \
    -e HTTPS_PROXY=<proxy address> \
    netfoundry/autonomous-router:latest
Or, to run in the background:
$ docker run --name netfoundry-er -d -v "$(pwd)/ziti_router:/etc/netfoundry" \
    -e REG_KEY=<registration_key from console> \
    -e VERBOSE=1 \
    -e HTTPS_PROXY=<proxy address> \
    netfoundry/autonomous-router:latest
Notes:
- The ziti-router only runs the edge component.
- The REG_KEY environment variable must be set to register the ziti-router to the network.
- The VERBOSE environment variable is optional.
- The HTTPS_PROXY environment variable is optional.
- The "/etc/netfoundry" directory must be mounted on its own volume.
- The Ziti Router container will update automatically and cannot be upgraded manually.
Deploy Ziti-Router Docker Image with autonomous update
- For customers who wish to download the ziti binary from a different source and not constantly update the ziti binary to match the controller version.
- This image requires access to a NF console router registration key, and a persistent volume mounted at "/etc/netfoundry" to save the configuration file that is created when the one-time registration key is consumed.
Environment Variables
- REG_KEY: The router registration key retrieved from nfconsole.
- VERBOSE: Turn on the verbose mode.
- HTTPS_PROXY: Run ziti through a proxy server, e.g. http://192.168.105.156:3128
- OVERRIDE_DOWNLOAD_URL: Download the ziti binary from the specified URL, e.g. http://127.0.0.1/ziti-linux.tar.gz
Volumes
- /etc/netfoundry: Configuration files that result from enrollment will be stored here. This volume should be persistent to preserve the identity of the edge router. If this configuration is lost, it will be necessary to re-register your Edge Router.
Example Docker Deployment
# create directory to map to /etc/netfoundry
$ mkdir ./ziti_router
$ docker run --name netfoundry-er -d -v "$(pwd)/ziti_router:/etc/netfoundry" \
    -e REG_KEY=<registration_key from console> \
    -e VERBOSE=1 \
    -e HTTPS_PROXY=<proxy address> \
    -e OVERRIDE_DOWNLOAD_URL=<download url> \
    netfoundry/netfoundry-router:latest
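The two docker run deployments above, written as an added wrapper script (not NetFoundry's own code) that keeps the registration key off the command line and locks down the directory that will hold the router identity. The script name, the router.env file name and the https-only rule for OVERRIDE_DOWNLOAD_URL are assumptions of this example.

```shell
#!/bin/sh
# Added example, not NetFoundry's script. File and directory names are assumptions.
set -eu

# Host directory behind /etc/netfoundry: it will hold the router identity
# written at enrollment, so restrict it to the owning user.
prepare_state_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# Put REG_KEY in a 0600 env file so it never appears on the docker
# command line, in shell history, or in the host's process list.
write_env_file() {
    ( umask 077; printf 'REG_KEY=%s\nVERBOSE=1\n' "$2" > "$1" )
    chmod 600 "$1"
}

# Assumption: the mirror for OVERRIDE_DOWNLOAD_URL is reachable over TLS.
# Plain http:// gives no protection against a tampered router binary.
url_is_https() {
    case $1 in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Octal permission bits of a path (GNU stat, as found on Linux hosts).
mode_of() { stat -c '%a' "$1"; }

# Usage: sh deploy-er.sh deploy [override_download_url]
# The registration key is read from stdin, not passed as an argument.
if [ "${1:-}" = "deploy" ]; then
    state_dir=$(pwd)/ziti_router
    image=netfoundry/autonomous-router:latest
    prepare_state_dir "$state_dir"
    printf 'Registration key: ' >&2
    IFS= read -r key
    write_env_file ./router.env "$key"
    if [ -n "${2:-}" ]; then
        url_is_https "$2" || { echo "refusing non-https URL: $2" >&2; exit 1; }
        image=netfoundry/netfoundry-router:latest
        printf 'OVERRIDE_DOWNLOAD_URL=%s\n' "$2" >> ./router.env
    fi
    docker run --name netfoundry-er -d \
        -v "$state_dir:/etc/netfoundry" \
        --env-file ./router.env \
        "$image"
fi
```

Variables loaded with --env-file are still visible to anyone who can run "docker inspect" on the container, so access to the Docker socket on the host needs the same care as the env file.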
Example Docker-Compose Deployment
Example docker-compose.yaml file:
version: '3'
services:
  autonomous-er:
    container_name: netfoundry-er
    image: netfoundry/autonomous-router:latest
    # or image: netfoundry/netfoundry-router:latest
    pull_policy: always
    restart: unless-stopped
    environment:
      - VERBOSE=1
      - REG_KEY=<registration_key from console>
      - HTTPS_PROXY=<proxy address>
    volumes:
      - ./ziti_router:/etc/netfoundry
Options in the docker-compose.yaml file:
- pull_policy (always): will update the autonomous-router to the latest version every time docker-compose up is executed.
- restart: will start the container again if the entry point exits.
To start the container:
docker-compose up -d
To update the container, you will need to restart the container.
docker-compose down
docker-compose up -d
Retrieve logs
To retrieve logs from the container, use the "docker logs" command.
Example:
# docker logs netfoundry-er
To display the log and monitor the output in real time:
# docker logs -f netfoundry-er
To save the log to a file (example using filename "er-container-log-0829.log"):
# docker container logs netfoundry-er >er-container-log-0829.log 2>&1